Update list of trivy ignored cves (#1610)

TimPansino · web-flow · commit f8b4068eb4e5 · 2025-12-16T18:32:13.000-08:00
diff --git a/.github/.trivyignore b/.github/.trivyignore
@@ -1,9 +1,15 @@
+# =============================
+# Accepted Risk Vulnerabilities
+# =============================
+
+# Accepting risk due to Python 3.8 support.
+CVE-2025-50181  # Requires misconfiguration of urllib3, which agent does not do without intervention
+CVE-2025-66418  # Malicious servers could cause high resource consumption
+CVE-2025-66471  # Malicious servers could cause high resource consumption
+
 # =======================
 # Ignored Vulnerabilities
 # =======================
 
-# Accepting risk due to Python 3.8 support.
-CVE-2025-50181
-
 # Not relevant, only affects Pyodide
 CVE-2025-50182
